Security & Fraud

Lather. Rinse. Do Not Repeat. Inside Transaction Laundering, Inc.

Ever wonder why it’s called “laundering money?” It’s because this type of fraud literally started with laundromats.

In the 1920s, laundromats were a novel business. Regular folks (the ones who didn’t have housekeepers for that sort of thing) were enamored with the coin-operated machines that, for the first time, saved them the trouble of doing the wash themselves. The popularity of laundromats grew accordingly.

Also, in the 1920s, it had recently been ruled unconstitutional to make, transport or sell alcohol (because making a rule against something always stops people from wanting to do it, right?). Spoiler alert: People still wanted to drink. If they couldn’t get their beverages legally, then they would just have to turn to less reputable sources.

Enter Al Capone and the Chicago Outfit, who turned the popularity and cash-based nature of the laundromat into an opportunity. Capone was making $60 million a year (more than three-quarters of a million in today’s U.S. dollars), funneling his ill-gotten gains through these legitimate businesses, making laundromats one of the most profitable enterprises of the day.

Today, as commerce has shifted from brick-and-mortar to virtual settings, transaction laundering has followed. It’s still the same old crime, however: using an apparently legitimate business to disguise the source of proceeds gained through criminal means. In a way, it’s sort of like cleaning – or laundering, if you will – the funds, much as one might wash one’s hands of a crime.

In a recent webinar, G2’s chief product officer, Dan Frechtling, walked Karen Webster through the analog-to-digital transformation of transaction laundering, and what modern acquirers can do to keep these bad guys out of their portfolios.

The three main takeaways?

“Laundering isn’t new, but the techniques are,” said Frechtling. “Launderers are just like legitimate businesses; they use the same business models and operations to succeed, so disrupt those. And they are looking for weak links where they can sneak into portfolios of payment companies.”

Transaction Laundering, Inc.: A Legitimate Illegitimate Business

To use Webster’s words, transaction laundering is a very legitimate illegitimate business – and that’s the whole point. That’s what the bad guys want acquiring banks to see. It’s just like Al Capone running the “Chicago Outfit” – a much more legitimate-sounding organization than “the Italian mob” or “the Mafia.”

If they want to look legitimate, said Frechtling, then bad guys must manage their core business by the same four business fundamentals as good guys: marketing, sales, operations and receivables. Therefore, good guys and bad guys are using many of the same tools and techniques.

An ongoing explosion of technologies, business models, payment types, platforms and services has made 2017 into something of a golden age for businesses, said Frechtling, but illegitimate operations are also benefitting from those innovations.

However, that can lead to a transaction laundering ring’s undoing, says Frechtling, because the weak points of legitimate businesses are well-known and can be leveraged to topple an evil enterprise. Disrupting transaction launderers requires the same approach as disrupting any other business, and that is to hit them in one of those four pillars of business.

If the fraudsters cannot reach potential customers through marketing, cannot convert those people to paying customers, cannot deliver value and cannot manage their finances – particularly, getting paid and hiding the true origin of receivables – then their enterprise will be crippled.

In the case of Al Capone, the Justice Department and the IRS went after the Chicago Outfit for tax evasion. Sure, they could have brought in Capone himself on counts of murder or any number of other offenses, but this approach, said Frechtling, took down the entire operation with him.

Disruption: Which Of The Four Pillars To Strike

To disrupt the marketing pillar, said Frechtling, one can reverse-engineer the marketing methods used based on the business’s profitability – and then strike where it hurts the most.

Scalable costs are investments made so that the business is easy to find for those who want it. This includes factors like organic search visibility, SEO, content marketing, social profiles and participation in forums where buyers are seeking whatever the ring is selling.

Variable costs tend to be higher, and therefore less desirable to fraudsters. These include things like sending messages to populations that may be interested in the product.

To disrupt the sales pillar, target whatever is the most cost-efficient area of the operation – typically a website, although there are still some instances of brick and mortar being used for transaction laundering, despite the greater expense generated by overhead costs.

Frechtling said it is often a red flag if, in 2017, a business is claiming that it can survive entirely on mail and telephone orders with no associated website. Laundering operations may attempt to go this route because the onboarding process is faster if the acquirer doesn’t have to review an eCommerce site.

To disrupt the operations pillar, force violators into lower-margin products. That is where profits come from. Frechtling says that category targeting does work. Violators can be pushed out of business, thus limiting account creation – and that, he said, is the most vulnerable part of operations.

Finally, to disrupt the receivables pillar, follow the chargebacks. Cardholders may issue a chargeback on purpose if they were unhappy with the product, just as they might do at a legitimate business. Or, they simply may not recognize the charge because the seller’s name doesn’t match the billing descriptor belonging to the front business.

Usually, said Frechtling, customers are smart enough to do the math based on the date and amount of the charge, but it doesn’t take a lot of chargebacks to see a pattern, and when combined with other data, this technique can be powerful in taking down a launderer.

Plus, tracking pre- and post-purchase activity, or following a card that is known for making illicit purchases, can lead to other illicit enterprises. Two for the price of one!

The Making Of A Transaction Laundering Ring

Frechtling says there are two types of money launderers.

First, there are those who premeditate their crime and deliberately build a business to traffic illegal goods through an innocuous-looking front – say, steroids being sold through a virtual storefront that appears to be selling vitamins instead.

Second, there are those who may be pushed into transaction laundering due to a lack of other options.

Frechtling says hate groups are feeling the squeeze as activists shine the spotlight on them, and they are struggling more than ever to raise funds – who wants to donate to the American Nazi Party? These extremists aren’t about fraud, but they may have found that it’s the only way to keep cash coming in to keep the lights on at their organization.

These groups have already had to adapt over the years as various sources of funding have been cut off. Many became reliant on selling goods and raising money online. Now, to sell their true product – which is an ideology – they must mask their activities under the guise of something less objectionable, such as selling Second Amendment patches, books and memorabilia.

In both cases, said Frechtling, real customers know the way to the real goods. They may never even see the front site. Conversely, unless they’re looking for it, acquirers may never see the violating site. It could be sandwiched in their portfolio, hidden in plain sight.

Drawing Back The Curtain

Frechtling concluded with four tips for acquirers to keep their portfolios clean of transaction launderers.

First, better onboarding processes are needed. Don’t just look at the business, he said, but also the names and other data associated with it. True, some rings are smart enough to nominate a business representative to help them slide under the radar, but not all of them are.

Also consider the merchant’s marketing efforts. A front business will likely have only superficial marketing and lack a rich online signature. Look for directory listings and social profiles, Frechtling said.

Second, holistic evaluation is necessary. Don’t be too shy to use other acquirers’ data, said Frechtling. The bad guys are counting on acquirers working solo rather than sharing information. Industry tools can reveal patterns across acquirers that expose syndicate organizations and can link launderers to related operations.

Third, improve fraud network mapping. Don’t just search within your own portfolio, but across the entire web. Front sites can lead to more front sites, said Frechtling.

Launderers keep sleeper sites ready to launch if their primary front is taken down so that business at the violating site does not get disrupted. These front sites will often share code and/or identities, since it would be costly and time-consuming to make each one totally unique.

Finally, make a point of consistent internal communication. Communicate perpetually, whenever there is a suspicious event. Underwriting, risk, customer support and/or sales teams should meet on a weekly basis, Frechtling recommends. Management teams should do so monthly. Even risk events that did not turn out to be violations are worth discussing, he said.

And as a bonus tip, Frechtling concluded, get in on some of the global collaborations against transaction laundering. While sales and marketing may be competitive, most international clients he’s worked with don’t see fraud that way. They’re all in that race together.

—————————-

You Might Also Like:

TRENDING RIGHT NOW

To Top